top | item 35951110

(no title)

DethNinja | 2 years ago

But you can just issue an identical certificate to an existing website's certificate via the private key, it doesn't even need to enter to CT logs, it will have 100% identical fingerprint to original certificate, no?

You can then intercept everything through the ISP gateway. It would be theoretically possible to fragment the entire internet this way via coordinating with the ISPs.

discuss

jchw|2 years ago

Nope! That would require the server operator to participate; pwning the CA gives you nothing. CAs that issue private keys for you are banned, to my knowledge, for the type of certificates that browsers trust; if a CA offers this, they'll be kicked out of being trusted by browsers. A CA is only allowed to sign a key via a CSR, and therefore the CA never sees the private key of a certificate.

This has been the standard for a pretty long time, and it of course still works this way with ACME certificate issuance as well. Very neat imo.

freeflight|2 years ago

> Nope! That would require the server operator to participate

Or it would require compromising the server [0]

[0] https://www.csoonline.com/article/3137065/shadow-brokers-lea...